We have quite a few visitors to our campus and we don't want to have a set PSK for the wireless so we have configured a guest network where visitors can create an account and gain access to the internet and we don't have to "manage" it since the accounts will expire after a certain time. We have RF scanners in our warehouses and we want them to be allowed on the network and be put into its own VLAN. ClearPass can do this flawlessly by keying off of the MAC address when it comes online and putting it into the correct VLAN. This makes it so we don't have to add each device individually to the system. The only time ClearPass would not be appropriate is in a small deployment where the cost to value wouldn't make sense.
Sophos Network Access Control would be most effective in an enterprise environment where there are many different groups of users, including guest users because it has the ability to block unauthorized users and control the access of guest users. It would not be well suited for an environment with less than 1000 users because as far as I know, the license requires at least that many users.
Customer support was basically non-existent during the time we needed it the most. This should be #1 priority for any company.
Lack of support for Linux servers and Mac OS
The reporting system relies on information provided by the agents
Wide scale removal process needs some vast improvements. When using a batch removal script, it wrecks the NIC drivers to the point that they have to be removed and reinstalled.
Aruba Clearpass is straight forward in terms of day to day use for monitoring and basic user connectivity issues. The system is very robust on the back end, therefore some larger configuration changes may not be the most intuitive. System upgrades and license management are not the most intuitive either.
We had some issues with ClearPass integration with AirGroup on Aruba Controller Clusters. Basically, it was tough to get coordinated between the controller support and the ClearPass support.
From my experience, ClearPass has been the best NAC server of all I've seen. Even though configuration is somewhat hard and it's hard to get training, once you learn how to configure it it works very well. The policies are very granular and scalable and the interface is a well-done web GUI that does not need any extra plugins installed, as some of Cisco's product require. There are many more options than with FortiNAC, and many more integration options. Also, troubleshooting and logging is good.
I have used Mcafee Antivirus Suite, Trend Micro, and Vipre Antivirus. I actually had more experience with Vipre than anything else so that is the one that I will be comparing it too. From what I remember, Vipre was more expensive but had better customer support. Other than that, they both do pretty much thing as well as what all the others do. I personally do not believe that any enterprise level antivirus solution is better than any other, it boils down to which one can your company afford, and which one fits best with your needs.
Positive -- We were able to control guest users access
Positive -- Using the entire Sophos Security Suite I only remember one major virus while I was with the company which saves on downtime, and IT man hours
Negative -- The time we spent removing this, and reinstalling NIC drivers because the removal process crashed them cost the company in IT man hours.